AWS Global Infrastructure: Edge Locations
In the AWS ecosystem, Edge Locations are the frontline of content delivery. While Regions and Availability Zones (AZs) are where your core infrastructure (like EC2 instances and RDS databases) lives, Edge Locations are smaller points of presence (PoPs) located in major cities around the world. They are specifically designed to reduce latency by bringing content closer to end users.
The Pizza Delivery Analogy
Imagine a massive central kitchen (The AWS Region) located in the suburbs. If everyone in the city orders a pizza, the delivery bikes have to travel a long way, and the pizza gets cold (High Latency). To solve this, the pizza chain sets up small warming stations (Edge Locations) in every neighborhood. The pizzas are pre-cooked in the central kitchen and kept warm at the station. When a neighbor orders, the pizza arrives in minutes (Low Latency).
Core Services at the Edge
Edge Locations are not used to run your main application; instead, they host specific AWS services designed for global distribution:
- Amazon CloudFront: AWS’s Content Delivery Network (CDN). It caches static content (images, videos, JS) and proxies dynamic requests.
- Amazon Route 53: A highly available Domain Name System (DNS) service that resolves queries at the nearest Edge Location.
- AWS WAF & Shield: Security services that filter malicious traffic and mitigate DDoS attacks before they ever reach your origin servers.
- Lambda@Edge & CloudFront Functions: Allow you to run code at the edge to customize content or perform simple logic (e.g., URL rewrites).
- AWS Global Accelerator: Uses the AWS global network to route traffic to the best performing regional endpoint using Anycast IPs.
CloudFront vs. Global Accelerator
| Feature | Amazon CloudFront | AWS Global Accelerator |
|---|---|---|
| Primary Purpose | Caching content (Static/Dynamic) | Improving network path (TCP/UDP) |
| Protocol Support | HTTP / HTTPS / WebSockets | TCP / UDP |
| Caching | Yes (TTL based) | No caching |
| IP Addresses | Dynamic IPs (DNS based) | 2 Static Anycast IPs |
| Best For | Websites, Video Streaming | Gaming, VoIP, IoT, Non-HTTP apps |
Decision Matrix / If–Then Guide
- If the requirement is to reduce latency for static images/videos… Then use CloudFront.
- If you need to block SQL injection attacks at the edge… Then use AWS WAF on CloudFront.
- If your application uses a non-HTTP protocol (like a gaming server)… Then use Global Accelerator.
- If you need to perform simple header manipulation with minimal latency… Then use CloudFront Functions.
- If you need to protect against massive Layer 3/4 DDoS attacks… Then AWS Shield Standard (enabled by default at Edge) handles it.
Exam Tips and Gotchas
- Not for Hosting: You cannot launch an EC2 instance or an RDS database in an Edge Location. They are for caching and routing only.
- Regional Edge Caches: CloudFront uses “Regional Edge Caches” as a mid-tier between the Edge Location and your Origin to improve cache hit ratios.
- Origin Access Control (OAC): On the exam, if you need to ensure users only access S3 via CloudFront, use OAC.
- Cost: Data Transfer Out from CloudFront to the Internet is generally cheaper than Data Transfer Out from EC2 directly to the Internet.
- Lambda@Edge vs CloudFront Functions: CloudFront Functions are for high-scale, simple JS tasks (sub-ms). Lambda@Edge is for complex logic (Node.js/Python) and can access the request body.
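The two edge-compute tips above (URL rewrites in the service list, header manipulation in the decision matrix, and the "simple JS tasks" role of CloudFront Functions) are easiest to see in code. The block below is an added example, not code from this guide or from AWS: two CloudFront Functions written in the ES5-style subset the CloudFront Functions runtime accepts (`var`, plain functions, no Node APIs), so the same source runs locally in Node for testing. In a real deployment each would be its own function whose entry point is named `handler`; they carry distinct names here only so both fit in one file. The event objects, header values and URIs are constructed samples.

```javascript
// viewer-request function: rewrite "directory" URIs to the index document so an
// S3 origin (which has no notion of a directory index) can serve them.
// Runs on every request, before the cache lookup, so it must stay cheap.
function viewerRequestHandler(event) {
  var request = event.request;
  var uri = request.uri;
  if (uri.charAt(uri.length - 1) === '/') {
    request.uri = uri + 'index.html';                 // /about/  -> /about/index.html
  } else if (uri.lastIndexOf('/') > uri.lastIndexOf('.')) {
    request.uri = uri + '/index.html';                // /about   -> /about/index.html
  }                                                   // /img/logo.png is left alone
  return request;
}

// Baseline browser-hardening headers to add at the edge when the origin did not
// set them. Values are constructed samples; tune CSP to the actual site.
var SECURITY_HEADERS = {
  'strict-transport-security': 'max-age=63072000; includeSubDomains; preload',
  'x-content-type-options': 'nosniff',
  'x-frame-options': 'DENY',
  'referrer-policy': 'strict-origin-when-cross-origin',
  'content-security-policy': "default-src 'self'"
};

// viewer-response function: add each header only if the origin has not already
// set it, so an origin that deliberately chose a different value is respected.
function viewerResponseHandler(event) {
  var response = event.response;
  var headers = response.headers;
  for (var name in SECURITY_HEADERS) {
    if (Object.prototype.hasOwnProperty.call(SECURITY_HEADERS, name) && !headers[name]) {
      headers[name] = { value: SECURITY_HEADERS[name] };
    }
  }
  return response;
}

// Constructed sample events in the shape CloudFront Functions receive
// (headers are objects keyed by lowercase name, each with a "value" field).
function makeRequestEvent(uri) {
  return {
    version: '1.0',
    context: { eventType: 'viewer-request' },
    viewer: { ip: '203.0.113.10' },
    request: { method: 'GET', uri: uri, querystring: {}, headers: { host: { value: 'www.example.com' } }, cookies: {} }
  };
}

function makeResponseEvent(existingHeaders) {
  return {
    version: '1.0',
    context: { eventType: 'viewer-response' },
    request: { method: 'GET', uri: '/index.html', querystring: {}, headers: {}, cookies: {} },
    response: { statusCode: 200, statusDescription: 'OK', headers: existingHeaders || {}, cookies: {} }
  };
}

// Local demo: returns the rewritten URIs and the hardened header names.
function demo() {
  var rewritten = ['/', '/about/', '/about', '/img/logo.png'].map(function (u) {
    return viewerRequestHandler(makeRequestEvent(u)).uri;
  });
  var resp = viewerResponseHandler(makeResponseEvent({ 'x-frame-options': { value: 'SAMEORIGIN' } }));
  return { rewritten: rewritten, headers: resp.headers };
}
```

Attach the first function to the viewer-request event and the second to the viewer-response event of the distribution's cache behavior; because the rewrite happens before the cache key is computed, `/about/` and `/about/index.html` share one cached object.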
Topics Covered
Summary of key subtopics covered in this guide:
- Definition of Edge Locations vs. Regions/AZs.
- Amazon CloudFront caching and origin types.
- Route 53 global DNS resolution.
- Security at the edge (WAF & Shield).
- Comparison between CloudFront and Global Accelerator.
- Compute at the edge (Lambda@Edge and CloudFront Functions).
AWS Edge Infrastructure Visualized
Figure: The “Cache Hit” scenario. Content is served directly from the Edge Location, bypassing the Origin.
Security Ecosystem
WAF: Protects against Layer 7 (HTTP) attacks.
Shield: Managed DDoS protection (Standard is free).
KMS: Integration for signed URLs and cookies.
Performance & Scaling
TTL (Time to Live): Controls how long content stays at the edge.
Invalidations: Manually clear cache (costs money if frequent).
S3 Transfer Acceleration: Uses Edge Locations to speed up uploads to S3.
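The TTL line above hides the part that trips people up: the edge TTL is the result of the origin's `Cache-Control` header combined with the cache policy's Minimum, Default and Maximum TTL, and a Minimum TTL above zero makes CloudFront cache even responses the origin marked `no-cache`. The block below is an added example, not code from this guide or from AWS; it is a simplified model of the precedence CloudFront documents (`s-maxage` over `max-age`, then Default TTL, all clamped to the Minimum/Maximum bounds) and omits `Expires`-header handling. The policies and headers are constructed samples.

```javascript
// Minimal Cache-Control parser: "public, max-age=300" -> {public: true, 'max-age': 300}
function parseCacheControl(value) {
  var out = {};
  (value || '').split(',').forEach(function (part) {
    var kv = part.trim().split('=');
    var key = kv[0].toLowerCase();
    if (!key) return;
    out[key] = kv.length > 1 ? parseInt(kv[1].replace(/"/g, ''), 10) : true;
  });
  return out;
}

// Simplified model of the edge TTL (seconds) CloudFront assigns to an object.
// policy = { minTtl, defaultTtl, maxTtl } from the distribution's cache policy.
function edgeTtlSeconds(cacheControl, policy) {
  var cc = parseCacheControl(cacheControl);
  if (cc['no-store'] || cc['no-cache'] || cc['private']) {
    // Not cacheable at the edge, except that a Minimum TTL above zero still
    // forces the object to be cached for that long (the common surprise).
    return policy.minTtl;
  }
  var requested;
  if (typeof cc['s-maxage'] === 'number' && !isNaN(cc['s-maxage'])) {
    requested = cc['s-maxage'];            // shared-cache directive wins
  } else if (typeof cc['max-age'] === 'number' && !isNaN(cc['max-age'])) {
    requested = cc['max-age'];
  } else {
    requested = policy.defaultTtl;         // origin said nothing usable
  }
  return Math.min(policy.maxTtl, Math.max(policy.minTtl, requested));
}

// Constructed policies: one matching the usual defaults (min 0, default 1 day,
// max 1 year) and one with a 60 s floor, to show the no-cache behaviour.
var DEFAULT_POLICY = { minTtl: 0, defaultTtl: 86400, maxTtl: 31536000 };
var FLOOR_POLICY = { minTtl: 60, defaultTtl: 3600, maxTtl: 86400 };

// Returns a table of sample origin headers and the resulting TTL under each policy.
function ttlTable() {
  var samples = ['public, max-age=300', 's-maxage=600, max-age=60', '', 'no-store', 'max-age=99999999', 'max-age=10', 'no-cache'];
  return samples.map(function (h) {
    return { cacheControl: h, defaultPolicy: edgeTtlSeconds(h, DEFAULT_POLICY), floorPolicy: edgeTtlSeconds(h, FLOOR_POLICY) };
  });
}
```

Two consequences worth remembering for the invalidation line: an object cached under the floor policy with `no-cache` still needs an invalidation (or a changed cache key) to be refreshed early, and an origin `max-age` beyond Maximum TTL is silently capped rather than honoured.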
Cost Optimization
Price Classes: Choose which Edge Locations to use (Class 100, 200, All) to save money by excluding expensive regions.
Free Tier: Includes 1TB of data transfer out per month.
Production Use Case
A global e-commerce site hosts its frontend on S3. By using CloudFront, users in London and Sydney experience the same fast load times because the HTML/CSS is cached at their local Edge Location. The site uses AWS WAF to block bot scrapers at the edge, ensuring the origin S3 bucket isn’t overwhelmed.
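The production scenario above only holds if the S3 bucket is reachable through CloudFront alone; otherwise the WAF rules and edge caching are bypassed by anyone who finds the bucket's own URL. That is what the Origin Access Control (OAC) tip in the exam section is about. The block below is an added example, not code from this guide or from AWS: it builds the bucket policy that pairs with OAC (a CloudFront service-principal grant scoped by `AWS:SourceArn` to one distribution) and lints a policy for the two weak shapes it replaces, an anonymous `"*"` principal and an unscoped service-principal grant. The bucket name, account id and distribution id are constructed placeholders.

```javascript
// Bucket policy that lets only one CloudFront distribution read objects.
// Pairs with an OAC attached to the distribution's S3 origin and with
// S3 Block Public Access left on; the bucket itself stays non-public.
function buildOacBucketPolicy(bucketName, accountId, distributionId) {
  return {
    Version: '2012-10-17',
    Statement: [
      {
        Sid: 'AllowCloudFrontServicePrincipalReadOnly',
        Effect: 'Allow',
        Principal: { Service: 'cloudfront.amazonaws.com' },
        Action: 's3:GetObject',
        Resource: 'arn:aws:s3:::' + bucketName + '/*',
        // Without this condition any distribution in any AWS account could
        // point at the bucket and read it.
        Condition: {
          StringEquals: {
            'AWS:SourceArn': 'arn:aws:cloudfront::' + accountId + ':distribution/' + distributionId
          }
        }
      }
    ]
  };
}

// Constructed "legacy" policy of the kind OAC is meant to retire: world-readable.
var PUBLIC_READ_POLICY = {
  Version: '2012-10-17',
  Statement: [
    { Sid: 'PublicRead', Effect: 'Allow', Principal: '*', Action: 's3:GetObject', Resource: 'arn:aws:s3:::example-frontend-bucket/*' }
  ]
};

function isAnonymousPrincipal(p) {
  if (p === '*') return true;
  if (p && typeof p === 'object') {
    if (p.AWS === '*') return true;
    if (Array.isArray(p.AWS) && p.AWS.indexOf('*') !== -1) return true;
  }
  return false;
}

// Returns a list of findings; an empty list means every Allow statement is a
// CloudFront service-principal grant scoped to a specific distribution ARN.
function lintBucketPolicy(policy) {
  var findings = [];
  (policy.Statement || []).forEach(function (s, i) {
    if (s.Effect !== 'Allow') return;
    if (isAnonymousPrincipal(s.Principal)) {
      findings.push('statement ' + i + ': Allow to anonymous principal "*" (direct S3 access bypasses CloudFront and WAF)');
      return;
    }
    var service = s.Principal && s.Principal.Service;
    if (service === 'cloudfront.amazonaws.com') {
      var eq = s.Condition && s.Condition.StringEquals;
      if (!eq || !eq['AWS:SourceArn']) {
        findings.push('statement ' + i + ': cloudfront.amazonaws.com allowed without AWS:SourceArn condition (any distribution in any account can read)');
      }
    }
  });
  return findings;
}

// Constructed variant: correct principal, but the scoping condition was dropped.
function unscopedServicePolicy(bucketName) {
  var p = buildOacBucketPolicy(bucketName, '123456789012', 'EXAMPLEDISTID');
  delete p.Statement[0].Condition;
  return p;
}
```

Run `lintBucketPolicy` over the policies of every bucket that sits behind a distribution; a non-empty result means the "origin isn't overwhelmed" guarantee in the scenario above does not actually hold, because traffic can reach S3 without passing the edge.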